Saturday, May 30, 2015

PDF Injection Techniques

As part of the semi-weekly document dump I have been able to do lately, here are my slides for PDF Injection methods. XOXO

Thursday, May 28, 2015

Federal innovation, and other contradictory terms

I am going to preface this with a gigantic “I make all of these statements of my own accord, and with my own opinions”. Now, let’s get to the sticky bit here.


I believe we have a particular problem here in San Antonio caused by the heavy influence of military rank and structure in the region. The area is so saturated with government money at multiple levels, that businesses are started by and upper-level positions are filled with outgoing senior officials due to their spread/depth of contacts rather than real business acumen or entrepreneurial insight. I’m thinking about calling this “vesh’s Theory of Regional Directorships” due to a series of incidents I saw early in my career. Swaths of O-5s and O-6s were getting out and immediately being made something called a “regional director”. I think this means, “put them in charge of a set of contracts where their Rolodex can be useful”. It seems that the more successful entrepreneurs I have encountered rolled out at a lower rank (if any). They actually have to learn how to manage a real business to even begin to see success. These people have to be solid from the get-go, or else there is nothing there to catch them. The graph below shows my very unscientific analysis of various anecdotes I have heard throughout the years on this subject. The drop-offs represent natural attrition of high-ranking officials from their posts of influence.
The private sector has the profit motive to encourage cost-cutting and efficiency. This motive simply does not exist in the bureaucratic world. Think about the last time someone was promoted for cutting back their budget. Expanding a corporate bottom line is a far different task than growing your Federal fiefdom. However, the enterprising individuals at the top of these contracting companies, who actually are true businessmen, realize there are short-term gains to be had by farming this level. Just drop a big contract on JBSA, then watch the courting begin. If the guy or gal you pick up not only wins the contract, but actually grows business, great. Although, this growth is almost always not through innovation or product development. It is through yet another contact with someone who has some money to spend at FY-end. So, we perpetuate this contract-heavy, Federal-money-laden cycle which shows great income for the local area, but does nothing to uplift innovation. Try to ponder what would happen if JBSA were to close shop tomorrow. Would we be able to respond with private enterprise? How intertwined is our city's fate to a constant stream of public funding?


San Antonio wants to be Cyber-City, USA and it earns this moniker handily. While other areas discuss research and entrepreneurship in the computing realm, we get “cyber-this and cyber-that”. We get a new "Cyber-Center of Excellence" or another "Innovation Partnership". Where is our Apple? Why isn't the latest device from Google created here? You can’t just say, “We have capital here; massive amounts of capital. Why aren’t we accomplishing what Cupertino, Palo Alto, and Austin have accomplished?” I think there is a perfect analog to old Soviet market adjustments, where they pegged their commodity prices to ours. Instead of actually performing true free-market actions, they simply took our figures and applied those as a basis. Of course this never worked. They never got it right, but they still tried until the Iron Curtain fell. Factories were built based on political expediency and placed where unemployment concerns existed, not upon where it made the most business sense. This political expediency has a similar effect in our city when funding is allocated.


There is so much nonprofit and Federal income in this area we are taking all of the market incentive out of our technical sector. It is easier to hire a senior official and snag a contract than it is to engage in true innovation. 24th Air Force is not going to create the next Facebook, no matter what the RFI on FedBizOpps says. Contracting is fine, and there is nothing wrong with responding to requests for proposals. I think we delude ourselves, though, by not addressing the multi-billion dollar elephant in the room. Continuing to deliberate over why we have all these resources surrounding us, but we can’t create the same climate as other cities, is useless. We have to foster private capital investment and wean ourselves from the government cow.

Like most other people in this city, I want to create sustainable capital markets. We can grow past the government sector being such a large center of gravity in our midst. If we foster private innovation here and now, other cities would be hard pressed to offer a better business climate.

Monday, May 25, 2015

Memory and Binary Comparison using Computer Vision - a Visual Walkthrough

I started doing some work a bit ago that dealt with how to check the level of similarity between two email headers with Lance James. This led to an overall look at how to compare memory and running binaries. I have embedded the PDF I created for your pleasure.

Wednesday, May 20, 2015

A Tribute to Pork (Hamming, get it?)

I made this presentation as a short talk at SAHA! (satxhackers.org). It started as a true curiosity by a couple of us on IRC during the row hammer debacle. We knew some of the correction and detection schemes, but wanted to learn some history behind it. As it turned out, this Hamming fellow is interesting as all hell and it turned into a briefing on him. Enjoy.

Wednesday, May 13, 2015

SMT Saves U and Me

I did this for SAHA! and UTSA's Cyber Security Group. Hopefully it will make using solvers practical to some beginning exploit devs.

Tuesday, May 12, 2015

Slides from ISSW 2015 TurboTalk about GSM Sniffing

Here are the slides I made for how to create a custom cable for GSM sniffing.

Saturday, May 9, 2015

DoD - Stop Bitching and get off my Tubes!!!

Cyberwarfare, probably the most loaded term in computing history outside of anything a sales rep has told you about their latest IPS product. If we really wanted the Department of Defense’s networks to be more hack-resilient, we should demand that they remove any presence they have on the public Internet.

When former Deputy Secretary of Defense William Lynn, a Raytheon lobbyist, was appointed, one of his first initiatives was to open up the DoD to social media sites (1). The tack he took was to try to ‘balance’ the social media world with the fact that those same platforms had been used to attack DoD networks. The effect, however, was quite different.

This social media position taken by Secretary Lynn had the effect of allowing any and all Facebook, YouTube, etc. through the DoD networks as long as they were “approved”. Now, am I saying that a former Raytheon lobbyist deliberately weakened military networks for the purpose of growing Raytheon’s multi-billion dollar Federal cyber defense contracting arm? Of course not. I am just saying that anybody who was truly concerned about ‘cyberwarfare’ and ‘hacktivists’ would probably not want to have military personnel cruising MySpace, or able to get on their Gmail.

Bringing up a more salient point, should we be funding web surfing? Why does the DoD need a web presence above a web page, and a Wikipedia entry? We spend hundreds of billions of dollars a year on security, and network management at the federal level. Can’t we shave a few billion off and make them use their own, secure, network? Wait, we already do - it’s called the SIPRNet, JWICS, NSANet, and a whole host of others. They are not routable to the public Internet. They still manage to reach our deployed assets. The DoD can’t even move to a whitelist format where they could just blackhole domains that don’t route to .mil or .gov.

Personally, I know that deploying to a foreign country is rough when you have loved ones at home. When I wanted to talk to my family, I needed to go to the office and either set up a telecon with my relatives or use the unsecured line and a calling card. I realize it would have been easier to do this over the Internet, but that just wasn’t possible at the time. Are deployments supposed to be easy though? I signed up for the military, mostly of my own volition. There were some external circumstances that forced my hand a bit, but those were of my own making as well. Maybe we should consider making deployments less frequent instead of focusing on making them easier.

The next time somebody gets up and talks about “Advanced Persistent Threat” or “Anonymous”, why don’t we ask them why they don’t take the DoD off of the Internet? Security consultants ought to be pushing for the military to get their bottoms off the public tubes. I know it sells books and consulting services to have the perpetual cyber-employment scheme running, but if you actually care we should cut the cord. By the way, former Secretary Lynn is now the head of DRS Technologies whose Google tagline reads “Supplier of defense electronic systems to government and commercial markets.” Just pointing out the facts, people... just the facts (2).